[Owasp-board] [GPC] OWASP code review guide V2.0

Eoin eoin.keary at owasp.org
Tue Jul 27 21:04:47 UTC 2010


Thanks!!!

On 27 July 2010 21:58, Jason Li <jason.li at owasp.org> wrote:

> Eoin,
>
> Looks like a very ambitious roadmap! :-)
>
> With regards to the ESAPI/O2 section, does it make better sense to
> make them separate add-on appendices that the ESAPI/O2 projects
> respectively can contribute to independently of the overall Code
> Review Guide?
>
> Good luck - let us know if there's anything you need.
>
> GPC - since Eoin has provided a specific target release date, let's
> make sure to leave room in our personal schedules in the January time
> frame to review the Code Review Guide so we can help him advance the
> CRG as quickly as possible. We should do the same for any other
> projects going forward that provide a target date for a release cycle.
>
> -Jason
>
> On Tue, Jul 27, 2010 at 4:35 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
> wrote:
> > GPC,
> >
> >
> >
> > Please see below for your information.
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Paulo Coimbra,
> >
> > OWASP Project Manager
> >
> >
> >
> > From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
> > Sent: Tuesday, 27 July 2010 21:37
> > To: <paulo.coimbra at owasp.org>; Owasp-codereview at lists.owasp.org; OWASP
> > Foundation Board List; Alessio Marziali; dinis cruz
> > Subject: OWASP code review guide V2.0
> >
> >
> >
> > Hi Paulo,
> >
> > can you inform the GPC of my intention to produce a new version of the code
> > review guide by January 2011. This is the same time the testing guide shall
> > be released.
> >
> > Major enhancements:
> >
> >
> >
> > Introduction to be re-written.
> >
> > Approach to code review (Risk based approach) to be re-written, redesigned.
> >
> > Examples by Vulnerability and Technical control to be expanded and refined.
> >
> > Common Numbering nomenclature to be used.
> >
> > Cross reference to TG and ASVS to be done.
> >
> > New sections on tools to be introduced.
> >
> > Expand technology specific sections
> >
> > Section on RIA (Rich Internet applications) to be introduced.
> >
> > WebServices section to be refined
> >
> > Malware and rootkit sections to be introduced.
> >
> > PCI section to be rewritten with more x-reference to other guides.
> >
> >
> >
> > Other ideas:
> >
> >
> >
> > ESAPI section: how to review OWASP ESAPI implementations?
> >
> > Risk based approach Vs ASVS levels
> >
> > Threat modeling and Triage chapters to be revised
> >
> > OWASP O2 section on O2 rules definition, development.
> >
> > Crawling code: Additional search vectors to be added
> >
> > Section on Code Crawler, quick start & configuration guide
> >
> >
> >
> > Suggestions, comments, ideas?
> >
> > --
> > Eoin Keary
> > OWASP Global Board Member
> > OWASP Code Review Guide Lead Author
> >
> > Sent from my i-Transmogrifier
> > http://asg.ie/
> > https://twitter.com/EoinKeary
> >
> > _______________________________________________
> > Global-projects-committee mailing list
> > Global-projects-committee at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/global-projects-committee
> >
> >
>



-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary